ModSecurity is a powerful web application layer firewall for Apache web servers. It monitors the whole HTTP traffic to an Internet site without affecting its functionality and when it identifies an intrusion attempt, it prevents it. The firewall furthermore keeps a more thorough log for the traffic than any server does, so you'll manage to monitor what's happening with your sites better than if you rely only on conventional logs. ModSecurity uses security rules based on which it helps prevent attacks. For instance, it identifies whether somebody is trying to log in to the administration area of a certain script several times or if a request is sent to execute a file with a certain command. In these circumstances these attempts set off the corresponding rules and the firewall software hinders the attempts immediately, and then records detailed info about them in its logs. ModSecurity is among the best software firewalls on the market and it could easily protect your web apps against many threats and vulnerabilities, particularly if you don’t update them or their plugins frequently.

ModSecurity in Shared Web Hosting

We provide ModSecurity with all shared web hosting solutions, so your web apps will be shielded from malicious attacks. The firewall is activated as standard for all domains and subdomains, but if you'd like, you will be able to stop it through the respective part of your Hepsia Control Panel. You'll be able to also switch on a detection mode, so ModSecurity will keep a log as intended, but shall not take any action. The logs that you will discover within Hepsia are quite detailed and feature data about the nature of any attack, when it happened and from what IP, the firewall rule which was triggered, and so on. We use a set of commercial rules which are often updated, but sometimes our admins add custom rules as well in order to better protect the websites hosted on our machines.

ModSecurity in Semi-dedicated Hosting

All semi-dedicated hosting packages that we offer include ModSecurity and since the firewall is switched on by default, any site which you set up under a domain or a subdomain will be protected immediately. A separate section in the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll allow you to stop and start the firewall for any website or activate a detection mode. With the last mentioned, ModSecurity will not take any action, but it will still detect possible attacks and will keep all info within a log as if it were 100% active. The logs can be found in the exact same section of the Control Panel and they include info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etcetera. The security rules we use on our servers are a mix of commercial ones from a security business and custom ones developed by our system admins. Therefore, we offer increased security for your web apps as we can shield them from attacks even before security corporations release updates for new threats.

ModSecurity in VPS Web Hosting

All virtual private servers that are set up with the Hepsia CP feature ModSecurity. The firewall is set up and switched on by default for all domains that are hosted on the server, so there will not be anything special that you'll need to do to protect your websites. It will take you just a mouse click to stop ModSecurity if necessary or to turn on its passive mode so that it records what occurs without taking any steps to prevent intrusions. You shall be able to see the logs generated in active or passive mode via the corresponding section of Hepsia and learn more about the type of the attack, where it originated from, what rule the firewall used to take care of it, etc. We use a mixture of commercial and custom rules in order to ensure that ModSecurity will stop as many threats as possible, consequently improving the security of your web programs as much as possible.

ModSecurity in Dedicated Servers Hosting

ModSecurity is provided as standard with all dedicated servers that are set up with the Hepsia CP and is set to “Active” automatically for any domain that you host or subdomain you create on the hosting server. Just in case that a web app doesn't work correctly, you can either turn off the firewall or set it to function in passive mode. The second means that ModSecurity will maintain a log of any potential attack which might occur, but won't take any action to prevent it. The logs produced in passive or active mode shall present you with additional details about the exact file that was attacked, the form of the attack and the IP it came from, etcetera. This data will permit you to determine what actions you can take to boost the security of your websites, including blocking IPs or performing script and plugin updates. The ModSecurity rules which we use are updated often with a commercial pack from a third-party security enterprise we work with, but sometimes our admins include their own rules as well if they identify a new potential threat.